Fine-grained Access Control for Spatial Services ...enforcing the Need-to-Know Principle Rüdiger Gartmann con terra GmbH, Münster, Germany

Post on 15-Jan-2016


Page 1

Fine-grained Access Control for Spatial Services

...enforcing the Need-to-Know Principle

Rüdiger Gartmann

con terra GmbH, Münster, Germany

Page 2

Actors:

Public Safety Scenario: Planning an Event

Page 3

User Groups


Page 4

Access to All Information

Planning team

> Event preparation

> Plan roadblocks, routes, evacuation scenarios, personnel...

> Assign areas for police, firefighters, paramedics, ...

Control team

> Event monitoring

> Measuring of movements, reaction to incidents and emergencies, revision of plans, ...

> Management of emergency response teams

> Observation of surveillance cameras, location of suspects, ...

Page 5

Access to Limited Information

Technical preparation

> Create roadblocks, traffic control systems, barriers, ...

> Seal gully holes, check security measures, ...

Emergency response teams

> Situation assessments

> Taking orders

> Status reports

> Finding places of accident

> Guidance, evacuation, protection...

Page 6

Access to Public Information

Tourists

> Plan their trips

> See what's going on

> Find friends

> Post information, photos, ...

> Get event notifications

Threats

> Only access to public information

Page 7

Security Levels vs. Need-To-Know

Regardless of the security classification, access is only permitted if there is an actual need

Planning team is allowed to see evacuation routes...

Control team is allowed to use surveillance cameras...

Policemen are allowed to report incidents...

Paramedics are allowed to request ambulances...

> ...but only for the very event they are actually dealing with!

Page 8

Authorisation Decision

[Figure: diagram labelled Class 1, Class 2, Class 3, Class 4 and Event A, Event B, Event C, Event D]

Information is classified

Information is assigned to certain tasks

Users are classified

Users are assigned to certain roles (responsible for certain tasks)

Access is granted, only if

> classification level matches and

> task/role assignment matches

Page 9

based on security.manager

Access Control to Spatial Content

Page 10

Policy structure

Creating Policies

Subject        Resource           Action  Obligation
Planning Team  Evacuation Routes  *       Area of Interest, Classification = green

Subject        Resource           Action  Obligation
Planning Team  Places to inspect  *       Area of Interest, Classification = green
Policemen      Places to inspect  Check   Area of Duty, Classification = yellow

System is deny-biased

> Everyone without explicit permissions is denied
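
The authorisation decision and the policy rows above, worked through as an added example (not con terra's code and not the securityManager API): a rule must match the caller's group, the layer and the action, and its obligations then filter the returned features by area and classification. The bounding boxes, the feature records, the action names other than "Check" and the choice to combine several matching rules as a union are assumptions made for this illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    subject: str         # user group the rule applies to
    resource: str        # layer
    action: str          # "*" matches any action
    area: str            # obligation: spatial restriction (key into AREAS)
    classification: str  # obligation: only features with this classification

# The three rows from the "Creating Policies" slide.
RULES = [
    Rule("Planning Team", "Evacuation Routes", "*", "Area of Interest", "green"),
    Rule("Planning Team", "Places to inspect", "*", "Area of Interest", "green"),
    Rule("Policemen", "Places to inspect", "Check", "Area of Duty", "yellow"),
]

# Constructed bounding boxes (min_x, min_y, max_x, max_y); coordinates are made up.
AREAS = {"Area of Interest": (0, 0, 10, 10), "Area of Duty": (4, 4, 6, 6)}

# Constructed features of the "Places to inspect" layer.
PLACES = [
    {"id": "gully-1", "x": 5, "y": 5, "classification": "yellow"},
    {"id": "gully-2", "x": 9, "y": 9, "classification": "yellow"},
    {"id": "gate-1", "x": 5, "y": 5, "classification": "green"},
    {"id": "gate-2", "x": 20, "y": 20, "classification": "green"},
]

def inside(feature, bbox):
    min_x, min_y, max_x, max_y = bbox
    return min_x <= feature["x"] <= max_x and min_y <= feature["y"] <= max_y

def authorise(groups, resource, action, features):
    """Return the features the caller may receive, or None for deny."""
    matched = [r for r in RULES
               if r.subject in groups and r.resource == resource
               and r.action in ("*", action)]
    if not matched:
        return None  # deny-biased: no explicit permission means no access
    # Assumption: a feature is released if any matching rule's obligations allow it.
    return [f for f in features
            if any(f["classification"] == r.classification
                   and inside(f, AREAS[r.area]) for r in matched)]
```

A return value of `None` is a denial, while an empty list is a permit whose obligations filtered out every feature; keeping the two apart lets a service answer "not authorised" differently from "nothing to show".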

Page 11

Example: Places to Inspect

Page 12

Required Authorisation Capabilities

Page 13

Authorisation of Services

Full set

Authorize services in securityManager

Restricted

Page 14

Layer Authorisation

All layers

Restricted list of layers

Define rights

Page 15

Feature Authorization

All features

Filtered to features classified as yellow

Classification = yellow

Page 16

Authorise Functionalities

Identify result

Assign permissions for operations in securityManager

Identify not authorized

Page 17

Spatial restrictions in securityManager

Spatial Restrictions

Full extent

Spatial restriction for Germany

Page 18

Rüdiger [email protected]

Thank you for your interest...

...and visit us in the exhibition!